US Hacker Sets Off 156 Sirens At Midnight (dallasnews.com)

← Back to Stories (view on slashdot.org)

US Hacker Sets Off 156 Sirens At Midnight (dallasnews.com)

Posted by EditorDavid on Saturday April 8, 2017 @04:34PM from the messing-with-Texas dept.

"I had the displeasure of being awoken at midnight to the sounds of civil-defense/air-raid sirens," writes very-long-time Slashdot reader SigIO, blaming "some schmuck with a twisted sense of humor." The Dallas News reports: Rocky Vaz, director of Dallas' Office of Emergency Management, said that all 156 of the city's sirens were activated more than a dozen times... Dallas officials blame computer hacking for setting off emergency sirens throughout the city early Saturday... It took until about 1:20 a.m. to silence them for good because the emergency system had to be deactivated. The system remained shut down Saturday while crews safeguarded it from another hack.

The city has figured out how the emergency system was compromised and is working to prevent it from happening again, he said... The city said the system should be restored Sunday or Monday.
City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.

35 of 230 comments (clear)

Min score:

Reason:

Sort:

Don't encourage him by Anonymous Coward · 2017-04-08 16:43 · Score: 2, Insightful

He's a dick who doesn't give a shit about endangering people who really need emergency services.
1. Re:Don't encourage him by ShanghaiBill · 2017-04-08 17:34 · Score: 4, Insightful
  
  He didn't break the 911 emergency number. The people did that to themselves by flooding the number with calls. Blame where blame is due.
  Those people were idiots. If the sirens are blaring, then it is obvious that the authorities are already aware of the problem.
2. Re:Don't encourage him by phantomfive · 2017-04-08 18:20 · Score: 2
  
  If no one knows what to do when they hear the siren, then there's really not much point in having the siren in the first place.
  
  --
  "First they came for the slanderers and i said nothing."
3. Re:Don't encourage him by ShanghaiBill · 2017-04-08 18:58 · Score: 2
  
  If no one knows what to do when they hear the siren, then there's really not much point in having the siren in the first place.
  1.2 million people live in Dallas. 4400 confused people, or about a third of 1%, dialed 911. You can't extrapolate from that to say that "no one" knew what to do.
  For the clueless, here is what you should do when you hear a siren:
  1. If you are in a tsunami warning area, head for higher ground.
  2. Make sure your house isn't on fire.
  3. If you have an air raid or fallout shelter, get in and seal the door.
  4. If none of the above apply, then go back to bed and hope that someone else deals with the problem.
4. Re:Don't encourage him by AxeTheMax · 2017-04-08 19:41 · Score: 2
  
  So in this case, that would be no one matching the first criterion, almost no one matching the second, a very few with a shelter that they could use. So everyone else goes back to sleep. The article did not say what the immediate response of the authorities was, did radio and TV stations promptly transmit a 'do not worry' message? What is the point of the emergency siren again?
5. Re:Don't encourage him by Ol+Olsoc · 2017-04-09 01:57 · Score: 2
  
  He didn't break the 911 emergency number. The people did that to themselves by flooding the number with calls. Blame where blame is due.
  Those people were idiots. If the sirens are blaring, then it is obvious that the authorities are already aware of the problem.
  Then again, so is turning the Sirens into yet one more IoT failure point.
  I remember when I pointed out that if it was cheap and easy to control all these IoT things, it would likewise be cheap and easy to get into them.
  I remember when I was scoffed at every time I brought that up.
  We are going to find out what things are connected to the internet in the next couple years by them failing.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
6. Re:Don't encourage him by EvilSS · 2017-04-09 03:59 · Score: 3, Funny
  
  If no one knows what to do when they hear the siren, then there's really not much point in having the siren in the first place.
  1.2 million people live in Dallas. 4400 confused people, or about a third of 1%, dialed 911. You can't extrapolate from that to say that "no one" knew what to do.
  For the clueless, here is what you should do when you hear a siren: 1. If you are in a tsunami warning area, head for higher ground. 2. Make sure your house isn't on fire. 3. If you have an air raid or fallout shelter, get in and seal the door. 4. If none of the above apply, then go back to bed and hope that someone else deals with the problem.
  Great, you just killed everyone in tornado country. Hope you are happy.
  
  --
  I browse on +1 so AC's need not respond, I won't see it.
7. Re: Don't encourage him by jrmcferren · 2017-04-09 10:59 · Score: 3, Informative
  
  Don't laugh, but that's actually how the sirens in my county are activated. Each fire station's siren has a tone pair along with an all siren tone pair and a cancel tone pair for the all call tone. For an auto accident you usually get (not sure of the order) Siren Tones, Fire Pager Tones, EMS Pager tones, and a human decoded auto accident tone. This is simulcast from two sites on the main frequency (not sure if the other UHF system is still active) and the audio is carried on the digital P25 dispatch talk group.
  Oh and we don't use what the people in the business call VHF (15X to 16X MHz range) we use Low Band (3X and 4X MHz Range).
  
  --
  sudo mod me up
Re: Open letter to the so-called texan: STF up by Anonymous Coward · 2017-04-08 16:52 · Score: 3, Insightful

Dear Texas: you have shit security and morons managing it. This is dangerous. I sounded the appropriate warning systems.
Maybe not what it seems... by shaitand · 2017-04-08 16:54 · Score: 4, Informative

There have been recent reports of problems with the Dallas 911 infrastructure causing hold times and delays which resulted in deaths. This may have been an attempt to further highlight the problems.
1. Re:Maybe not what it seems... by Zemran · 2017-04-08 20:53 · Score: 2, Insightful
  
  I like the way they blame the unknown entity "hackers" rather than accept responsibility for their own lax security. First and foremost it is their fault for running an open system. The hackers should be sought but first and foremost the problem is lax security.
  
  --
  I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
City full of Stupid by Anonymous Coward · 2017-04-08 16:59 · Score: 3, Insightful

City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.
People, people, people, when the emergency sirens are sounding, the authorities already know about the emergency. You don't need to call 9-1-1 to tell them about it, really.
People are so incredibly stupid.
Let me guess by JustAnotherOldGuy · 2017-04-08 16:59 · Score: 3, Funny

Let me guess, SQL injection strikes again?

--
Just cruising through this digital world at 33 1/3 rpm...
1. Re:Let me guess by gijoel · 2017-04-08 18:38 · Score: 3, Funny
  
  Damn you Bobby Drop_Tables.
No up to date firewall? by ITRambo · 2017-04-08 17:00 · Score: 4, Informative

I've seen municipal systems that were set up years ago without any hardware firewalls, just Windows XP. They ignored my advice to harden the systems. It's alarming that towns are not fully proactive about their municipal Internet-of-things. This alarm system in Dallas is simply mischief that points out the flaws in one system. Other systems, some critical to a town's functioning, are still vulnerable. Politicians are mostly dumbasses that run on ideas, but once in office are dumbfounded, dazed and confused., on all levels of government.
1. Re:No up to date firewall? by Sarten-X · 2017-04-08 17:27 · Score: 4, Insightful
  
  On the one hand, you have a low-damage attack that has happened once in a few decades. On the other, you have the real cost of continually upgrading and hardening (and re-hardening) a system over those few decades, taking funding away from other public programs.
  As a taxpayer, I'm okay with risking an unscheduled wakeup, if it means my local high school gets an arts program. As a security expert, I'm still okay with the low risk of leaving such vulnerabilities open, as long as they aren't able to be used as staging for other attacks.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
2. Re:No up to date firewall? by ogdenk · 2017-04-08 17:33 · Score: 2
  
  If it only costs them $800 to properly secure the civil defense alarms.... that won't buy your HS an arts program and they should lock it down. And when these alarms go off, we don't want people desensitized to them. It means get in your bomb shelter.
  The last thing you want is to get nuked and have these alarms disabled beforehand. Few survivors beats no survivors.
Re: Open letter to the so-called texan: STF up by Sarten-X · 2017-04-08 17:19 · Score: 5, Insightful

Everywhere has shit security. Every manager is a moron. Everything is dangerous.
A door being unlocked does not give one the right to steal what's behind it, and similarly having a vulnerable system does not give one the right to attack it.

--
You do not have a moral or legal right to do absolutely anything you want.
Easily compromised by Torin+Darkflight · 2017-04-08 17:27 · Score: 5, Informative

Having in the past been "one of those weird people interested in warning sirens as a hobby", I have a fair bit of knowledge to how insecure their control systems actually are, and thus how trivially easy it is to compromise them. Although security is slowly improving, a lot of older siren systems are controlled using unencrypted analog radio signals transmitting standard DTMF (telephone-type) tones. For a malicious person, it is shockingly easy for them to turn on an off-the-shelf police scanner, find the frequency used to control the system, record the activation signal (such as during a regular monthly test), then at a later time use an illegal transmitter of some sort to rebroadcast that recorded activation signal on the same frequency over and over. I do not know what control method Dallas uses for their siren system, but the fact that one of the news articles (CBS News) I read about this said the FCC has been asked to help investigate leads me to believe more than likely such an attack was utilized...and this isn't the first time such has happened.
1. Re:Easily compromised by phantomfive · 2017-04-08 18:10 · Score: 2
  
  I cut those old system designers a break. Security wasn't well understood in those days. Remember most Unix systems were still using telnet and rlogin. We were all a little lousy at security.
  
  --
  "First they came for the slanderers and i said nothing."
Re:Russians did it by Jason1729 · 2017-04-08 19:23 · Score: 2

You know Russia has subs parked on every undersea communication link that the US has right? The first blow in any war will be the US having its metaphorical eyes, ears, and tongue hacked off.
Far worse... by johannesg · 2017-04-08 19:55 · Score: 3, Insightful

So the sirens sound, and presumably the North Koreans have a nuclear strike on the way. And what do the good citizens do? _nothing_. Only 4400 actually tried to figure out what was wrong; the rest simply ignored it.
You might as well get rid of the entire system, nobody cares about it anyway...
1. Re:Far worse... by JaredOfEuropa · 2017-04-08 20:19 · Score: 3, Insightful
  
  You figure out what's wrong by turning on the TV or radio. In fact isn't that what they advise you to do when the siren goes off? What do you expect froma call to the emergency number? "Yes, a nuclear strike was launched and you have about 10 minutes. Would you mind warning your neighbours? Oh, and remember to duck and cover, have a nice day".
  
  The emergency number is for people with an actual emergency
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
2. Re:Far worse... by Mordaximus · 2017-04-08 23:53 · Score: 5, Informative
  
  So the sirens sound, and presumably the North Koreans have a nuclear strike on the way. And what do the good citizens do? _nothing_. Only 4400 actually tried to figure out what was wrong; the rest simply ignored it.
  You might as well get rid of the entire system, nobody cares about it anyway...
  Considering that the sirens are to get people indoors in the event of Severe Weather and that most people were probably indoors when they went off, it's not surprising they did _nothing_ apart from what they are supposed to do - monitor radio and television.
  Dallas outdoor warning sirens.
Re:very-long-time Slashdot reader SigIO by thegreatbob · 2017-04-08 20:29 · Score: 2

UID doesn't really tell us anything beyond how long ago someone registered their account... I was reading Slashdot for several years before I ever registered an account. Might still have been in the 6 digits, I don't really know. I also don't really care.

--
There is no XUL, only WebExtensions...
Radio / TV by DrYak · 2017-04-08 20:39 · Score: 2

The article did not say what the immediate response of the authorities was, did radio and TV stations promptly transmit a 'do not worry' message?
How does this work in the US ?
Here around in Europe, the authorities are supposed to immediately broadcast informations about the alert on all available channels (TV, radio, web, public announcement systems, etc.) informing about the nature of the threat and the proper procedure to follow to stay sage.
(Well in theory. In practice, given the relative peacefulness of life Europe, 99.9% times you're going to hear a siren, it's just a test of the system as announced the day before in the local newspaper / newscast, and the only thing you're supposed to do is just check that you can hear them and then eventually proceed with the announced evacuation drill that your employer has planned to coincide on that day).

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
1. Re:Radio / TV by markdavis · 2017-04-08 23:51 · Score: 3, Informative
  
  >"How does this work in the US ? Here around in Europe, the authorities are supposed to immediately broadcast informations about the alert on all available channels (TV, radio, web, public announcement systems, etc.) "
  Correct, that is the way it works here. If sirens go off, you are supposed to seek out a broadcast to determine the nature of the emergency. Where I live, it is always a weather emergency (like a tornado warning; and no, even though we don't live in "tornado alley", several touch down every year).
  They are also used for nuclear power plant incidents, extreme thunderstorms, hurricanes, and civil defense.
2. Re:Radio / TV by Megane · 2017-04-09 00:00 · Score: 3, Insightful
  
  In these days of shifting from "Cable is King" to Cord Cutters... well, as far as I know, they did get the cable companies to put emergency interrupt capability in every fucking channel. But it's a bit hard to do that with Netflix, or even an https request.
  And the problem with disaster emergencies is that they are so infrequent that the mindless masses have no clue what to do, because it hasn't happened since the last Oscars, and that's as far as they can remember before their ADD kicks in and they start wondering what all the gossip page celebrities are doing.
  To make it worse, now mostly mundane stuff has become an "ALERT!!!!!111!!!", which contributes to giving everyone alert fatigue, and when something real happens, they don't even know if they are supposed to care. But a siren going off while they're trying to sleep? In the land of people calling 9-1-1 because their fast food isn't fast enough?
  
  --
  #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
3. Re:Radio / TV by Ol+Olsoc · 2017-04-09 02:13 · Score: 5, Informative
  
  I
  To make it worse, now mostly mundane stuff has become an "ALERT!!!!!111!!!", which contributes to giving everyone alert fatigue, and when something real happens, they don't even know if they are supposed to care?
  Exactly this. We've gotten so many alerts that we gave up and turned them off. And most were stupid. Most are too far away, most are false alarms, like when a woman thought her kid was abducted by her Ex, and it turned out the little girl had gotten in the car, took it out of gear, and the car drifted down the driveway and into the nearby woods. Even so, that alert was like 200 miles away.
  We had one right in our neighborhood when a little boy was a couple minutes late walking home from school. Full alert with the dogs and police and rescue groups activated. Turned out the reason he was 5 minutes late was he stopped to talk to a friend. So 10 minutes after the alert, it was called off. And my alerts were all turned off.
  Society might be happy to go insane, And turn it up to 11 on everything, but I don't feel like participating.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
4. Re:Radio / TV by knorthern+knight · 2017-04-09 05:43 · Score: 3, Interesting
  
  > In these days of shifting from "Cable is King" to Cord Cutters... well, as far as I know,
  > they did get the cable companies to put emergency interrupt capability in every
  > fucking channel. But it's a bit hard to do that with Netflix, or even an https request.
  That's where AM and FM radio excel. Turn it on and listen. They both have longer range than cellphone cells, and continue functioning when the cell network gets overloaded. While we're at it, most smartphones *SHOULD* be capable of FM radio reception. But many smartphones in the USA are deliberately crippled, due to cell carriers demading this from OEMs. This is greed, pure and simple. The carriers want people to pay through the nose for data over-usage, rather than listening to FM radio for free. https://yro.slashdot.org/story...
  
  --
  
  I'm not repeating myself
  I'm an X window user; I'm an ex-Windows user
5. Re:Radio / TV by timholman · 2017-04-09 06:04 · Score: 2
  
  Exactly this. We've gotten so many alerts that we gave up and turned them off. And most were stupid. Most are too far away, most are false alarms ...
  
  About a year ago, my employer used our cellphone emergency alert system (originally intended to warn everyone of an actual campus emergency) to call everyone at 12:30 a.m. with a prerecorded message, telling every university employee that a shooting had occurred at a restaurant about 1.5 miles from campus. About an hour later, we got another alert telling us that the shooter had fled from the restaurant, and was being sought by city police. As you might guess, the shooter never came anywhere close to campus before being captured.
  The next day, I checked with my colleagues, and everyone had done the same thing - either opted out of the emergency alert system, or blocked the number. The system became useless and was abandoned in favor of an emergency warning app that everyone is supposed to download and install - which, of course, no one has.
  The so-called "fake news" controversy doesn't hold a candle to the very real problem with "fake alerts". One day an honest-to-God emergency will really happen, and no one will be listening.
6. Re:Radio / TV by Cro+Magnon · 2017-04-10 02:47 · Score: 2
  
  Yesterday, I was driving around with my GF, and her phone made a awful noise. Turned out there was an Amber Alert. For a second I wondered why my phone hadn't gone off, then I remembered I'd turned off Amber Alerts after that time it went off 5 times at night for an alert in a nearby city that turned out to be a custody dispute.
  
  --
  Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Re:Russians did it by drinkypoo · 2017-04-08 20:40 · Score: 4, Insightful

You know Russia has subs parked on every undersea communication link that the US has right? The first blow in any war will be the US having its metaphorical eyes, ears, and tongue hacked off.
Hence the interest in satellite-to-satellite communications.

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Re:Russians did it by fahrbot-bot · 2017-04-09 04:22 · Score: 2

You know Russia has subs parked on every undersea communication link that the US has right? The first blow in any war will be the US having its metaphorical eyes, ears, and tongue hacked off.
Hence the interest in satellite-to-satellite communications.
Sure, but the Russians have subs parked near every satellite too -- checkmate.

--
It must have been something you assimilated. . . .
Better Theory by Cinnamon+Beige · 2017-04-10 04:55 · Score: 2

It's Russia. If that's not paranoia, the odds are that those subs have been there since before the USSR collapsed--and are still there because they're not going anywhere, unless somebody works out how to tow a mildly defunct sub that can't manage to surface.
I'm getting rather amused by the Left's current paranoia about Russia's abilities. I'm more inclined to think that this air raid siren hack will turn out to be the result of incompetence, particularly given the speed of the patching of security. It looks suspiciously like they'd been told politely to patch, were too lazy to patch, and got put in a position where they had to patch.